Python/nltk/3.9b1

Natural Language Toolkit

Repo Link: https://pypi.org/project/nltk
License: Apache-2.0

1 Security Vulnerabilities

ntlk unsafe deserialization vulnerability

Published date: 2024-06-28T00:33:31Z

CVE: CVE-2024-39705

Links:

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averagedperceptrontagger and punkt.

Affected versions: ["0.8", "0.9.4", "0.9.5", "0.9.6", "0.9.8", "0.9.9", "2.0.1", "2.0.1rc3", "2.0.1rc4", "2.0.5", "2.0b4", "3.0.0", "3.0.0b1", "3.0.1", "3.0.2", "3.0.3", "3.0.4", "3.0.5", "3.1", "3.2.1", "3.2.3", "3.4.4", "3.5", "3.5b1", "3.6", "0.9", "0.9.3", "0.9.7", "2.0.1rc1", "2.0.1rc2-git", "2.0.2", "2.0.3", "2.0.4", "2.0b5", "2.0b6", "2.0b7", "2.0b8", "2.0b9", "3.0.0b2", "3.2", "3.2.2", "3.2.4", "3.2.5", "3.3", "3.4", "3.4.1", "3.4.2", "3.4.3", "3.4.5", "3.6.1", "3.6.2", "3.6.3", "3.6.4", "3.6.5", "3.6.6", "3.6.7", "3.7", "3.8", "3.8.1", "3.8.2", "3.9b1"]

Secure versions: [3.9, 3.9.1]

Recommendation: Update to version 3.9.1.

63 Other Versions

Version	License	Security	Released
0.9.5	GPL	5	1970-01-01 - 00:00	over 55 years
0.9.4	GPL	5	1970-01-01 - 00:00	over 55 years
0.9.3	GPL	5	1970-01-01 - 00:00	over 55 years
0.9	GPL	5	1970-01-01 - 00:00	over 55 years
0.8	GPL	5	1970-01-01 - 00:00	over 55 years
2.0b4	Apache-2.0	5	2009-07-15 - 09:32	almost 16 years
3.5b1	Apache-2.0	4	2020-03-08 - 00:48	over 5 years
2.0b9	Apache-2.0	5	2010-08-23 - 07:46	almost 15 years
2.0b5	Apache-2.0	5	2009-07-19 - 10:20	almost 16 years
2.0b6	Apache-2.0	5	2009-09-25 - 10:31	almost 16 years
3.9b1	Apache-2.0	1	1970-01-01 - 00:00	over 55 years
2.0b7	Apache-2.0	5	2009-11-09 - 14:20	over 15 years
2.0b8	Apache-2.0	5	2010-03-10 - 20:30	over 15 years